How to Change the Password Hint in Windows 8.1
I recently upgraded my primary workstation to Windows 8.1 (couldn't wait for 10 to do Windows Phone 8 development). A few weeks later I changed my password without updating my Password Hint. Somehow I didn't update my Password Hint during this process, so now when I mistype my new password I see my old password hint, which can get annoying.
Digging a bit deeper, I found that I can change the password hint manually. Registry editing is required for this exercise, so it isn't for the faint of heart!
References:
- All Your Password Hints Are Belong to Us [trustwave.com]
- ASCII Code Encoder [dcode.fr]
Warning
This operation is not meant to be used by novices. Consider this a disclaimer: if something breaks, make sure you have a good backup. :)
If you're willing to assume the risks of tampering with your registry, read on...
Locating Your Password Hint
Microsoft stores the password hint for Windows 8 users in the registry. Here's how you find where your hint is located and what it is currently set to:
- Open Regedit.exe
- Navigate to HKEY_LOCAL_MACHINE\SAM\SAM, right-click and select Permissions
- Be sure to Add YOUR user account to the list with both Full Control and Read permissions
- Press F5 to refresh the registry and you'll be able to go deeper :)
- Navigate to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users. You should see something like this:
- You'll notice a Names subkey containing a registry key for each user. In each user's key you'll see a (Default) value whose type is shown as a hex number instead of a standard type. That number maps to one of the subkeys that are siblings of the 'Names' key.
- Find your user and click on the 000003XX registry key that maps to it
- Double-click on the UserPasswordHint registry value and you'll see your password hint:
Congratulations, you've found your Windows Password hint!
(It is in a goofy binary format, we'll cover that below)
Changing your Windows Password Hint
Now that you've identified your password hint, you can change it. The process is straightforward, though cumbersome:
- Use an online ASCII converter to convert your new hint to Hex (http://www.dcode.fr/ascii-code worked for me)
- Enter the new hint one hex number at a time, followed by 00 after each number
- Save the registry key
For example, let's say you want your new hint to be "remember it please!" The raw hex numbers would look like this after conversion:
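The conversion above can also be done offline. This is an added example, not part of the original post: it treats the value as UTF-16LE text, which is what the "hex number followed by 00" rule amounts to for ASCII characters, and it decodes the bytes back so you can check them before saving. The function names are hypothetical, and no terminator is added, matching the steps above.

```python
"""Added example: UserPasswordHint <-> hex bytes, treating the value as UTF-16LE."""
import re


def hint_to_hex(hint: str) -> list[str]:
    """Hint text -> two-digit hex bytes (UTF-16LE, no terminator added)."""
    return [f"{b:02X}" for b in hint.encode("utf-16-le")]


def hex_rows(hex_bytes: list[str], width: int = 8) -> str:
    """Lay the bytes out in offset-prefixed rows for typing into the editor."""
    return "\n".join(
        f"{off:04X}  " + " ".join(hex_bytes[off:off + width])
        for off in range(0, len(hex_bytes), width)
    )


def hex_to_hint(dump: str) -> str:
    """Hex bytes -> hint text, to check what was typed.

    Accepts the rows produced by hex_rows() or the 'hex:72,00,...' form of a
    .reg export; four-digit offsets and line continuations are skipped.
    """
    dump = re.sub(r'^\s*("[^"]*"\s*=\s*)?hex:', "", dump)
    raw = bytes(int(t, 16) for t in re.findall(r"\b[0-9A-Fa-f]{2}\b", dump))
    if len(raw) % 2:
        raise ValueError("odd byte count: a byte or its 00 partner is missing")
    return raw.decode("utf-16-le")


if __name__ == "__main__":
    new_hint = "remember it please!"  # the example hint from the text
    rows = hex_rows(hint_to_hex(new_hint))
    print(rows)
    assert hex_to_hint(rows) == new_hint  # round-trip before saving
    # Outside ASCII the second byte is not always 00: U+20AC is AC 20.
    print(hint_to_hex("€"))
```

An odd byte count raises an error, which catches the most likely typing mistake: a dropped 00.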
Cleaning up / Final thoughts
- Within RegEdit, navigate to HKEY_LOCAL_MACHINE\SAM\SAM
- Right-click on the key and select Permissions
- Delete your user from the permissions list
- Close RegEdit
Now that you've removed your user account permission from the SAM Registry Key, your system should be back in the state it was before we started this process but with one key change: Your password hint is what you want it to be.